https://community.cloudera.com/t5/Support-Questions/log4j2-failure-CVE-2021-44228-in-cloudera/m-p/344371#M234153 <P>thank you <a href="https://community.cloudera.com/t5/user/viewprofilepage/user-id/35418">@ask_bill_brooks</a>&nbsp;</P><P>&nbsp;</P><P>I had seen this thread you passed, but it doesn't explicitly say which version of CM/CDH to run github's log4j script procedure.</P><P>&nbsp;</P><P>but I will consider version 5.x and 6.x to run this script.</P> Tue, 24 May 2022 17:44:18 GMT yagoaparecidoti 2022-05-24T17:44:18Z https://community.cloudera.com/t5/Support-Questions/log4j2-failure-CVE-2021-44228-in-cloudera/m-p/344363#M234150 <P>Hello</P><P>&nbsp;</P><P>about log4j2 failure (CVE-2021-44228) in cloudera</P><P>&nbsp;</P><P>there is the KB: <A href="https://my.cloudera.com/knowledge/Resolution-for-TSB-2021-545---Critical-vulnerability-in-log4j2?id=332012" target="_blank">https://my.cloudera.com/knowledge/Resolution-for-TSB-2021-545---Critical-vulnerability-in-log4j2?id=332012</A></P><P>&nbsp;</P><P>instructs to run the script to remove a class in the jar etc.</P><P>&nbsp;</P><P>our doubt is, do we need to run this script in any version of CM / CDH or just the version from 6.x.x?</P> Tue, 24 May 2022 15:42:26 GMT https://community.cloudera.com/t5/Support-Questions/log4j2-failure-CVE-2021-44228-in-cloudera/m-p/344363#M234150 yagoaparecidoti 2022-05-24T15:42:26Z https://community.cloudera.com/t5/Support-Questions/log4j2-failure-CVE-2021-44228-in-cloudera/m-p/344370#M234152 <P>Previously asked and answered in this thread:</P> <P><A href="https://community.cloudera.com/t5/Support-Questions/log4j2-vulnerability-CVE-2021-44228/m-p/332946/highlight/true#M231305" target="_blank" rel="noopener">log4j2 vulnerability (CVE-2021-44228)</A></P> <P>&nbsp;</P> <P>&nbsp;</P> Tue, 24 May 2022 17:19:39 GMT https://community.cloudera.com/t5/Support-Questions/log4j2-failure-CVE-2021-44228-in-cloudera/m-p/344370#M234152 ask_bill_brooks 2022-05-24T17:19:39Z https://community.cloudera.com/t5/Support-Questions/log4j2-failure-CVE-2021-44228-in-cloudera/m-p/344371#M234153 <P>thank you <a href="https://community.cloudera.com/t5/user/viewprofilepage/user-id/35418">@ask_bill_brooks</a>&nbsp;</P><P>&nbsp;</P><P>I had seen this thread you passed, but it doesn't explicitly say which version of CM/CDH to run github's log4j script procedure.</P><P>&nbsp;</P><P>but I will consider version 5.x and 6.x to run this script.</P> Tue, 24 May 2022 17:44:18 GMT https://community.cloudera.com/t5/Support-Questions/log4j2-failure-CVE-2021-44228-in-cloudera/m-p/344371#M234153 yagoaparecidoti 2022-05-24T17:44:18Z https://community.cloudera.com/t5/Support-Questions/log4j2-failure-CVE-2021-44228-in-cloudera/m-p/382269#M244527 <P>Hi&nbsp;<a href="https://community.cloudera.com/t5/user/viewprofilepage/user-id/96163">@yagoaparecidoti</a>&nbsp;</P><P>The log4j <SPAN>CVE-2021-44228 is fixed in 7.1.7 SP1</SPAN></P><P><SPAN><A href="https://docs.cloudera.com/cdp-private-cloud-base/7.1.7/runtime-release-notes/topics/rt-pvc-cve-sp1.html" target="_blank">https://docs.cloudera.com/cdp-private-cloud-base/7.1.7/runtime-release-notes/topics/rt-pvc-cve-sp1.html</A></SPAN></P> Tue, 16 Jan 2024 12:39:26 GMT https://community.cloudera.com/t5/Support-Questions/log4j2-failure-CVE-2021-44228-in-cloudera/m-p/382269#M244527 PrathapKumar 2024-01-16T12:39:26Z https://community.cloudera.com/t5/Support-Questions/log4j2-failure-CVE-2021-44228-in-cloudera/m-p/382270#M244528 <P>hi&nbsp;<a href="https://community.cloudera.com/t5/user/viewprofilepage/user-id/81261">@PrathapKumar</a>&nbsp;<BR /><BR />thanks for the answer!&nbsp;<span class="lia-unicode-emoji" title=":winking_face:">😉</span></P><P>but, I had already seen this KB from fixed CVE&nbsp;<span class="lia-unicode-emoji" title=":smiling_face_with_smiling_eyes:">😊</span></P> Tue, 16 Jan 2024 12:53:48 GMT https://community.cloudera.com/t5/Support-Questions/log4j2-failure-CVE-2021-44228-in-cloudera/m-p/382270#M244528 yagoaparecidoti 2024-01-16T12:53:48Z